Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Samsung will unblock Windows Updates “within few days”

South-Korean multinational company, Samsung will release a software patch for its PCs “within a few days” that has been disabling Windows Update.

The conglomerate company has issued a statement on Friday assuring its users that it would  correct the problem, which was initially discovered earlier this week, in the coming days.

The spokesperson of the Samsung wrote in the statement, “Samsung has a commitment to security and we continue to value our partnership with Microsoft. We will be issuing a patch through the Samsung Software Update notification process to revert back to the recommended automatic Windows Update settings within a few days.

“Samsung remains committed to providing a trustworthy user experience and we encourage customers with product questions or concerns to contact us directly at 1-800-SAMSUNG FREE,” the statement read.

Patrick Barker, Microsoft researcher, shared on his blog that he discovered a file named Disable_Windowsupdate.exe after assisting a user in troubleshooting his Samsung computer. With this program installed, Windows users will have to manually install Microsoft's patches to update their computers.

He found out that with Disable_Windowsupdate.exe, even if Samsung users already re-enabled the "Install updates automatically" option on Windows Update, once the computer rebooted, the program will inconveniently return the Windows system to manual updates.

The researcher then reported the flaw to Samsung's support team. However, the company explained that it had to create a program that would prevent Windows Update from overwriting Samsung's default hardware drivers such as those for its USB 3.0 ports.

The spokesperson said in the statement that in order to satisfy their consumer, they are providing option to choose if and when they want to update the Windows software on their products.

Although, it has not been disclosed that how many Samsung computers were affected by the Disable_Windowsupdate.exe, it has programmed to work on all computers with Windows XP and higher, across different language settings.

Some reports mentioned that Samsung users have been complaining about this issue since April.
Read more »
TOR
Breaking News TOR

BadOnions : Bad TOR exit nodes attempts to login with sniffed password


A security researcher spent a month to find bad TOR exit nodes by setting up a honeypot kind of website which has a fake login page - To find the nodes that sniffs the traffic and attempts to steal the password.

Tor protects its users by bouncing their communications around a distributed network of relays runs by volunteers all around the world.

Chloe wrote in a blog, “A few weeks ago I got the idea of testing how much sniffing is going on in the Tor network by setting up a phishing site where I login with unique password and then store them. I do this with every exit node there is and then see if a password has been used twice, if that's the case I know which node that was sniffing the traffic.”

According to the researcher, he bought a domain with a tempting name (such as bitcoinbuy) and then created a sub-domain(admin.) by using vhost and set up a simple login.

He used a simple login script that allowed any password ending wiht "sbtc".  He created a random password ending with "sbtc" (eg:d25799f05fsbtc) and used it via tor nodes.

The script also saves the login attempts and successful logins in a file with user agent, IP and time - This will help him to find the bad nodes.

“The results are not so surprising, but what is most surprising about this is that 2 nodes with the 'guard' flag had logged in twice. Also, none of these nodes has been flagged even though I reported them to Tor.” Researcher said in his blog.
He released the result of the test; He tested more than 130k Exit nodes within 32 days. He found that there were 12 failed-login attempts, 16 successful logins that had not come from the researcher.
Read more »
IT Security News
Cisco IT Security News

Cisco announces its intent to acquire OpenDNS

 
Cisco announced on June 30 its intent to acquire OpenDNS, a security company which provides advanced threat protection for any device, anywhere and anytime based in San Francisco.

It is said that the acquisition will boost Cisco's Security everywhere approach by adding broad visibility and threat intelligence from the OpenDNS cloud delivered platform.

According to the press statement issued by the organization, the OpenDNS team will join the Cisco Security Business Group. As per the agreement, Cisco will pay $635 million in cash and assumed equity awards, plus retention based incentives for OpenDNS. The acquisition is expected to close in the first quarter of fiscal year 2016, subject to customary closing conditions.

The press statement said that the burgeoning digital economy and the Internet of Everything (IoE) are expected to spur the connection of nearly 50 billion devices by 2020, creating a vast new wave of opportunities for security breaches across networks. The faster customers can deploy a solution, the faster they can detect, block and remediate these emerging security threats.

“OpenDNS' cloud platform offers security delivered in a Software-as-a- Service (SaaS) model, making it quick and easy for customers to deploy and integrate as part of their defense architecture or incident response strategies. By providing comprehensive threat awareness and pervasive visibility, the combination of Cisco and OpenDNS will enhance advanced threat protection across the full attack continuum before, during and after an attack,” the statement read.

The statement added that OpenDNS' broad visibility, unique predictive threat intelligence and cloud platform with Cisco's robust security and threat capabilities will increase awareness across the extended network, both on- and off-premise, reduce the time to detect and respond to threats, and mitigate risk of a security breach.

Hilton Romanski, Cisco chief technology and strategy officer, said that many people, processes, data and things connected because of which opportunities for security breaches and malicious threats grow exponentially when away from secure enterprise networks.

“OpenDNS has a strong team with deep security expertise and key technology that complements Cisco's security vision. Together, we will help customers protect their extended network wherever the user is and regardless of the device,” Romanski added.
Read more »
Malware Report
Malware Report

New Trojan that hides in PNG images affects healthcare organizatons

A new Trojan named the Stegoloader Trojan has been reported. The most victims claimed by this trojan are based in healthcare organizations in the US.

This new Trojan hides itself in PNG imaged to infiltrate personal computers of people and collect information. The malware hides in the pixels of the images.

The trojan hides in PNG images so it is able to circumvent security measures like network firewalls and personal antivirus software.

This malware was first spotted in 2013, but since then it has been reworked many times and multiple versions of Stegoloader now exist. Dell was the first company to report this malware.

Out of all the Stegoloader victims, 42 percent are in the healthcare industry.
Read more »
Hacking News
Data Breach Hacking News

Penn State University Becomes Victim To Yet Another Cyberattack


Penn State announced that it has detected another cyber attack.  The recent attack has been confirmed by the university on its’s College of Liberal Arts server. 
Penn State has stated that several systems have been compromised by cyberattacks; which have been accounted as two in number by anonymous threats.

FireEye cyber forensic unit, Mandiant has taken over the case and has been trying to investigate and analyse the attacks, that took place on the 4th of May; Seven weeks since then, the university now states that no harm has occurred in regards to the personally identifiable information(PII) or any other research data, since the it had introduced advances cybersecurity measures after the attacks on the College of Engineering servers.

Mandiant’s spokesperson, Nick Pelletier revealed that the attacks took place for the first time in 2014 within a 24-hour time period, while the latter breach was taken into action during March to May in 2015. Mandiant is not sure if the attackers are the same chinese group that attacked engineering.

Nick Jones, vice-president of Penn State in an official statement said that advanced monitoring systems have been introduced into the entire university network with constant support of Mandiant and the the attackers will be soon tracked down.

The attacks in the state university systems have created a threat for federal systems. Where any PII or research data was not compromised, some college-issued usernames and passwords were stolen and accessed. As a result, all the compromised accounts are being renewed and more information can be gathered from http://securepennstate.psu.edu.
Read more »
Vulnerability
Android Vulnerability Vulnerability

Trend Micro discovers vulnerability in Android debugger "Debuggerd"


Trend Micro has found a new vulnerability that exists in phones running Android IceCream Sandwich to Lollipop.

The vulnerability in the debugging program of Android, Debuggered, allows a hacker to view the device's memory and the data stored on it.

You can create a special ELF (Executable and Linkable Format) file to crash the debugger and then you can view the dumps and log files of content stored on the memory.

The glitch in itself is not a big threat but the type of data it can give a hacker access to can lead to a difficult situation.

Google is said to be working on a fix in the next version of Android for this.
Read more »
Ransomware
Breaking News CryptoWall Ransomware Ransomware

Beware of CryptoWall Ransomware, victims reporting losses totaling over $18 million


FBI's Internet Crime Complaint Center's (IC3) data shows CryptoWall as the most current and significant Ransomware affecting millions of individuals and businesses in US.

CryptoWall and its variants have been targeting people since April 2014, between April 2014 and June 2015, the IC3 received 992 CryptoWall related complaints, with victims reporting losses totaling over $18 million.

The victims incurs ransom fees between $200 and $10,000, there are additional costs which includes network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers.

The system becomes infected when the victim visits or clicks on the infected advertisement, email, attachment  or  infected websites- The malware encrypts the victim's file stored on the infected machine. Ransomware schemes demand payment in Bitcoin as  it is easy to use, fast, publicly available, decentralized, and provides a sense of heightened security/anonymity.

Victims can register the complaint to local FBI field office, or may also file a complaint with the IC3 at www.IC3.gov.
Read more »
Spam Report
Featured Spam Report

Don’t click every link to read sensational stories on social networking site

Credits: Symantec

Sensational stories! Wow, the only one thing common which we all love. Especially on social medias, we do not think even hesitate before clicking any sites or email to read such stories.

However, researchers say that we need to be vigilant and skeptical when reading sensational stories on social media sites or in emails.

People should visit trusted news sources for information instead of clicking on random links online, go directly to your trusted news source because few days ago, a Brazilian singer and songwriter Cristiano Araújo lost his life in a car accident.

After his death, Symantec started to observe malicious spam email using the news as a lure. Some of the spam emails attempt to entice users into downloading video footage of the accident. If users click on the Google Drive URL found in the email, they will end up downloading malware. The malware is detected as "Download.Bancos", a well-known banking malware that has been plaguing South America for a while now.

Once the initial malware, a downloader, infects the computer, it will download Infostealer.

Security researchers from Symantec Security Response wrote in the blog that their telemetry on the malware distributed by this spam campaign shows it targeting users in Brazil and Venezuela.

“Symantec advises users to be cautious when it comes to emails crafted around popular news stories such as the one discussed in this blog as they may be malicious. This type of social engineering is not limited to email and users should also be careful on social media sites as similar tactics can also be used,” the researcher added.

The researchers strongly suggest that never install applications or do surveys in order to view gated content. It's a trick to put money in the pockets of scammers and anyone’s computer or device is at risk to malware.

“Report suspicious content. Do your part by reporting this type of content as spam,” the blog read.
Read more »
Hackers Arrested
Hackers Arrested

U.S. court sentences a Swedish Blackshades malware maker to 57 months in prison

The United State District Judge P. Kevin Castel has sentenced one of the creators of a malware dubbed ‘Blackshades RAT’(a dangerous threat that can take over computers and steal personal and financial information), Alex Yücel to 57 months in prison.

The Swedish national has been found guilty of computer hacking on February 18, 2015 by the Judge. Along with the 57 months imprisonment, the Judge ordered him to forfeit $200,000.

According to Preet Bharara, United States Attorney for the Southern District of New York, Yucel created, marketed and sold software that was designed to accomplish only to gain control of a computer along with a victim's identity and other important information.

Blackshade RAT was distributed as a $40 download to thousands of online criminals since his operations began in 2010

"This malware victimized thousands of people across the globe and invaded their lives. But Yucel's computer hacking days are now over," Bharara said.

An international effort coordinating with UK National Crime Agency (NCA) shut down the Blackshades attacks in 2014.

During that time, more than 80 people were arrested in raids in the Netherlands, Belgium, France, Germany, the UK, Finland, Austria, Estonia, Denmark, the U.S., Canada, Chile, Croatia, Italy, Moldova and Switzerland.

Over 1,000 storage devices were confiscated, and the whole cyber criminal fraternity was warned that they are running out of hiding places.

"Criminals are finding out that committing crimes remotely offers no protection from arrest," Andy Archibald, deputy director of the NCA's National Cyber Crime Unit at the time, told V3.co.uk.


"The unique scale of this cyber operation shows what can happen when law enforcement agencies at local, national and international level work together to tackle the perpetrators and help keep people safe. Cyber crime is one of the most significant criminal threats to the UK. The NCA is helping to build the capacity of its partners across the country and co-ordinating the UK's collective efforts as part of the response," he added.
Read more »
DDOS Attacks
Advanced Persistent Threat APT attacks Bank Hacking Breaking News Corporate Hacking DDOS Attacks

DDOS, APT attacks on Corporate and Banks


With spate of Distributed denial of service attacks and APT attacks on Banks and corporates, Anti DDOS mitigation vendors and ISP are joining together to fight the menace of DDOS attacks.

A few vendors work with ISP to mitigate the threat, working on putting up monitoring agents on every ISP(hardware box) which is connected to mitigation cloud.
A Bank official told on conditions of anonymity "ISP quickly responds to DDOS attack and mitigates for the customer. But comes to them with a Fat Proposal. Customers need to pay a standard amount ever year to get a protection.  In addition to this amount, they have to pay extra money every time they get hit.  The billing can run into lakhs for banks/corporate who take DDOS mitigation."
Another bank official confided that they have asked for a standard quote per year(ISPs are yet to respond).

Smaller vendors cannot tackle DDOS attacks. It has to be anti ddos companies with ISP which can handle this.

Some corporate and Banks are going in for a solution - They place their main websites and Mobile portal behind a Cloud Based WAF/Anti DDOS mitigation service. At the corporate end, they have a firewall and IPS making sure that no direct connection from the Internet is possible to their ISP Pipe. Does this solve the problem is yet to be seen.

"Advanced Persistent threat are followed by DDOS attacks, this is done to to erase any tracks of compromise on firewall, router, Intrusion Prevention Systems" says J Prasanna, Director, Cyber Security & Privacy Foundation Pte Ltd, a singapore based Cyber security certification organization.

The corporate/Banks are seeing only the DDOS and putting DDOS mitigation in place. It has to be checked to see if there is any compromise on data, criminal compromise from banks/corporate. The criminals could have gained access to the data or network and remain stealth for a long time", says Mr. Sreeram, Director, AVS Labs Pte Ltd, Singapore(organization which does consulting and services on cyber security).

The main problem for organizations is there are many vulnerabilities on systems which are undetected for a long period of time. The vulnerabilities could remain on the application software code written by software programmers or it could be in operating system, networks and other critical system level application. The black hat hackers(APT attackers) could exploits these vulnerabilities generally called 0-day vulnerability which could be used to enter into the systems.

Most of these organization need a "0-Day Vulnerability Assessment & Penetration Testing" and "APT Analysis" to find any Security breach". Normally not every one can do this because you need the best talents on board like "bounty hunters" who do vulnerability finding for fortune 500 companies. But that is no it - " Most bug bounty hunters cant find beyond web vulnerabilities", These auditors/assessors need the 0 day exploits and also knowledge of how APT attacks work. Most organization which perform regular Vulnerability Assessment and Penetration testing and even who do ISO 270001 certification implementation don't have capability to handle Zero-day or APT assessments.

Is a corporate with ISO 270001 standard implementation safe? A quite survey taken for 25 organizations show that almost all had standards implemented and they all experienced data theft. Some of corporate CISOs don't want to accept APT attacks, most of this information of compromise never reaches the management.

All the attacks happened at technical level, because of poor technical controls or products like antivirus/firewall/intrusion prevention not doing what they said they will do.

Do we still trust the ISO270001 implemented in corporate or the products they are using inside to save our data!
Read more »
Data Breach
Breaking News Data Breach

St.Mary's Bank reissue debit cards after merchant data breach

St. Mary’s Bank has initiated the process for issuing new debit cards and ATM PINs to over 5000 customers in a response to a merchant-related breach.

The bank had noticed peculiar activities in certain accounts, which were small transactions viz. $99. 

This was taken as small purchases at locations near New Hampshire and hence was not taken seriously. When the matter was taken into consideration, the officials were able to shut the compromised cards and later the matter was further investigated.

The cards were being hacked at a national retailer, from where the numbers were being sold online. After which, the accounts were tracked and phony numbers were tied to the real accounts, causing illegal access to all the accounts. 

Elizabeth Stodolski, vice president of marketing, said the bank has taken a precaution by cancelling a total of 5,029 debit cards to prevent further fraudulent transactions to take place. The old cards have been deactivated and all the customers have been personally notified about the current situation and the protocols in action.

All the customers have been asked to go to their nearest branch and get reimbursed for their losses, for which St. Mary’s Bank has taken full responsibility. 

The reports did not specify what merchants were affected and how they got compromised.  Often, Cyber criminals use POS malware or skimming device to get the card details.   

But, the question is what if suppose cyber criminals again compromise the card information. Are banks going to provide new cards again?
Read more »
Subscribe to: Comments (Atom)